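#!/bin/sh
# DD-WRT startup script: OpenVPN client (BTGuard) with source-based policy
# routing. Only the LAN sources listed in the hook scripts are sent through
# the tunnel; the main routing table keeps pointing at the WAN gateway.
#
# Files written: /tmp/btguard/{route-up.sh,route-down.sh,userpass.conf,
# ca.crt,openvpn.conf} and /tmp/.rc_firewall.
#
# The VPN credentials are stored in clear text in this script and in
# userpass.conf, so treat any copy or backup of either as a secret.

export DEBUG= # uncomment/comment to enable/disable debug mode
              # (the hook scripts test whether DEBUG is set, not its value)

# http://www.dd-wrt.com/phpBB2/viewtopic.php?t=278939

# The working directory must exist before the hook scripts are written into
# it; creating it only later makes the two redirections below fail on a
# fresh /tmp.
mkdir -p /tmp/btguard || exit 1

# ---- route-up hook: executed by OpenVPN once the tunnel routes are up ----
SCRIPT="/tmp/btguard/route-up.sh"
cat << "EOF" > "$SCRIPT"
#!/bin/sh
(
[ ${DEBUG+x} ] && set -x

TID="200"
VPN_IF="$dev" # provided by OpenVPN at runtime
VPN_GW="$route_vpn_gateway" # provided by OpenVPN at runtime
WAN_GW="$route_net_gateway" # provided by OpenVPN at runtime

# copy main routing table to the alternate routing table (exclude all
# default gateways)
ip route show | grep -Ev '^default|^0.0.0.0/1|^128.0.0.0/1' \
  | while read -r route; do
      # $route is deliberately unquoted: each line of "ip route show" has
      # to be split into separate arguments for "ip route add".
      ip route add $route table $TID
    done

# add VPN as default gateway
ip route add default via $VPN_GW table $TID

# return WAN back to default gateway in main routing table
ip route add 0.0.0.0/2 via $WAN_GW
ip route add 64.0.0.0/2 via $WAN_GW
ip route add 128.0.0.0/2 via $WAN_GW
ip route add 192.0.0.0/2 via $WAN_GW

# force routing system to recognize our changes
ip route flush cache

# add source IP(s)/network(s) to be routed over VPN
ip rule add from 192.168.1.7 table $TID
ip rule add from 192.168.1.113 table $TID
ip rule add from 192.168.2.0/24 table $TID

) 2>&1 | logger -t "$(basename "$0")[$$]"
EOF
chmod +x "$SCRIPT"

# ---- down-pre hook: undoes everything route-up.sh added ----
# NOTE(review): once the rules and table 200 are removed, the listed sources
# follow the main table again, i.e. they leave through the WAN. If those
# hosts must never bypass the VPN, a blocking firewall rule for them is
# needed in addition; nothing in this script provides one.
SCRIPT="/tmp/btguard/route-down.sh"
cat << "EOF" > "$SCRIPT"
#!/bin/sh
(
[ ${DEBUG+x} ] && set -x

TID="200"
VPN_IF="$dev" # provided by OpenVPN at runtime
VPN_GW="$route_vpn_gateway" # provided by OpenVPN at runtime
WAN_GW="$route_net_gateway" # provided by OpenVPN at runtime

# reset main routing table
ip route del 0.0.0.0/2 via $WAN_GW
ip route del 64.0.0.0/2 via $WAN_GW
ip route del 128.0.0.0/2 via $WAN_GW
ip route del 192.0.0.0/2 via $WAN_GW

# delete alternate routing table
ip route flush table $TID

# force routing system to recognize our changes
ip route flush cache

# delete source IP(s)/network(s) to be routed over VPN
ip rule del from 192.168.1.7 table $TID
ip rule del from 192.168.1.113 table $TID
ip rule del from 192.168.2.0/24 table $TID

) 2>&1 | logger -t "$(basename "$0")[$$]"
EOF
chmod +x "$SCRIPT"

# ---- user settings ----
USERNAME="username"
PASSWORD="password"
PROTOCOL="udp"
REMOTE_SERVERS="
remote vpn.btguard.com 1194
"

#### DO NOT CHANGE below this line ####

# Pinned CA certificate used to authenticate the VPN server.
# NOTE(review): the encoded fields look like a 1024-bit RSA key, a SHA-1
# signature and a validity period ending in August 2020. Confirm with
# "openssl x509 -in ca.crt -noout -text" and obtain the provider's current
# CA before relying on this trust anchor.
CA_CRT='-----BEGIN CERTIFICATE-----
MIIDcjCCAtugAwIBAgIJAPKjuBleHokmMA0GCSqGSIb3DQEBBQUAMIGDMQswCQYD
VQQGEwJERTEVMBMGA1UECBMMSGVzc2UtTmFzc2F1MRIwEAYDVQQHEwlGcmFua2Z1
cnQxEDAOBgNVBAoTB0JUR3VhcmQxEzARBgNVBAMTCkJUR3VhcmQgQ0ExIjAgBgkq
hkiG9w0BCQEWE3N1cHBvcnRAYnRndWFyZC5jb20wHhcNMTAwODA3MDc0NTA5WhcN
MjAwODA0MDc0NTA5WjCBgzELMAkGA1UEBhMCREUxFTATBgNVBAgTDEhlc3NlLU5h
c3NhdTESMBAGA1UEBxMJRnJhbmtmdXJ0MRAwDgYDVQQKEwdCVEd1YXJkMRMwEQYD
VQQDEwpCVEd1YXJkIENBMSIwIAYJKoZIhvcNAQkBFhNzdXBwb3J0QGJ0Z3VhcmQu
Y29tMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC4cBR6VLQICqdpTsjosIQ5
9elQZSRNQFaxWW3MeRC1xpJqjkbLJ9B9IO/Q/UyOa4a3qYHg8rI43wIF/RR6bwNX
3sZ5w6TrdVBk0DFZq6lDQ8/4Kpg1dKbdAgJjvtxiyrHWFtB0jYVGTlxwBSPflc2J
RZDMAVVj83gQh8ODJeGjnwIDAQABo4HrMIHoMB0GA1UdDgQWBBQCj1U+EICMz8hF
++KZ8Ld1vR0sqTCBuAYDVR0jBIGwMIGtgBQCj1U+EICMz8hF++KZ8Ld1vR0sqaGB
iaSBhjCBgzELMAkGA1UEBhMCREUxFTATBgNVBAgTDEhlc3NlLU5hc3NhdTESMBAG
A1UEBxMJRnJhbmtmdXJ0MRAwDgYDVQQKEwdCVEd1YXJkMRMwEQYDVQQDEwpCVEd1
YXJkIENBMSIwIAYJKoZIhvcNAQkBFhNzdXBwb3J0QGJ0Z3VhcmQuY29tggkA8qO4
GV4eiSYwDAYDVR0TBAUwAwEB/zANBgkqhkiG9w0BAQUFAAOBgQAgVeYTxvAonucE
qWloEvzCCUWs8bS/HJ6M85WzG7FPNAXx2QbWwN3EMwKxtGc7QF8f+APoMukzsvd2
vuI+1n0YwtD12cWMM9PLV2FhA2B+ajzssBTgvrbtX/SzKt0//lzrBp5Gyo6T/vO5
9KRb6DVfVWfB76+DLpTf9f3SLTgzKw==
-----END CERTIFICATE-----'

# Turn off the firmware's own OpenVPN client unless nvram already reports
# "0"; awk prints the value only in that case, so anything else (including
# an empty or unset setting) triggers the write.
OPVPNENABLE=$(nvram get openvpncl_enable | awk '$1 == "0" {print $1}')
if [ "$OPVPNENABLE" != 0 ]
then
  nvram set openvpncl_enable=0
  nvram commit
fi

sleep 30

cd /tmp/btguard || exit 1

# Create the credentials file with owner-only permissions from the start
# (no window between the write and the chmod), and use printf so that
# backslashes in the password are written literally rather than being
# interpreted as escapes by "echo -e".
(
  umask 077
  printf '%s\n%s\n' "$USERNAME" "$PASSWORD" > userpass.conf
)
printf '%s\n' "$CA_CRT" > ca.crt
#echo "#!/bin/sh" > route-up.sh; echo -e "#!/bin/sh\nsleep 2" > route-down.sh

# Firewall additions: forward LAN <-> tunnel, reject connections arriving on
# the tunnel that target the router itself, and NAT traffic leaving through
# the tunnel.
# NOTE(review): the interface name tun0 is hard-coded here while the hook
# scripts receive the real name in $dev; confirm they match. This script
# only writes the file and does not run it; confirm the firmware executes
# /tmp/.rc_firewall when the firewall is (re)started.
cat << "EOF" > /tmp/.rc_firewall
#!/bin/sh
iptables -I FORWARD -i br0 -o tun0 -j ACCEPT
iptables -I FORWARD -i tun0 -o br0 -j ACCEPT
iptables -I INPUT -i tun0 -j REJECT
iptables -t nat -A POSTROUTING -o tun0 -j MASQUERADE
EOF

chmod 644 ca.crt; chmod 600 userpass.conf
#chmod 700 route-up.sh route-down.sh
chmod 700 /tmp/.rc_firewall

sleep 30

# OpenVPN client configuration.
# NOTE(review), left unchanged because each item can break the connection
# and needs testing against the provider:
#  - there is no "remote-cert-tls server", so the client accepts any
#    certificate issued by the pinned CA as the server's;
#  - "reneg-sec 0" disables periodic renegotiation of the data-channel key;
#  - no "cipher"/"auth" is set, so the defaults of the installed OpenVPN
#    build apply;
#  - "script-security 2" is what permits the route-up/down-pre hooks.
cat << EOF > openvpn.conf
client
dev tun
proto $PROTOCOL
script-security 2
hand-window 60
verb 3
mute 5
mtu-disc yes
resolv-retry infinite
nobind
persist-key
persist-tun
keepalive 20 120
reneg-sec 0
log btguard.log
ca ca.crt
mute-replay-warnings
daemon
auth-user-pass userpass.conf
$REMOTE_SERVERS
EOF

# -f keeps a re-run from failing when the link already exists.
ln -sf /tmp/btguard/btguard.log /tmp/btguard.log

# Stop any running client, then start ours in the background with the
# policy-routing hooks attached.
(killall openvpn; openvpn --config /tmp/btguard/openvpn.conf --route-up /tmp/btguard/route-up.sh --down-pre /tmp/btguard/route-down.sh) &

exit 0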